Electronic key for authentication

ABSTRACT

An electronic key supports a plurality of authentication methods and effectively prevents bidding-down attacks. For this purpose, security information is additionally provided by the electronic key, based on which a card reading device recognizes which authentication methods are supported by the electronic key. When the reading device recognizes based on said information that the electronic key supports a stronger second authentication method, but the authentication method was not recognized by the card reading device, the electronic key is, for example, rejected.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a U.S. National Stage Application of International Application No. PCT/EP2010/053608 filed Mar. 19, 2010, which designates the United States of America, and claims priority to German Application No. 10 2009 021 011.3 filed May 13, 2009. The contents of which are hereby incorporated by reference in their entirety.

TECHNICAL FIELD

The invention relates to an electronic key for authentication of a user and to a method and a system for authentication of a user by means of an electronic key and a reading device.

BACKGROUND

Authentication methods for security-critical services often have to be replaced over time by newer and better methods. One example of this is the EC card, whose original version allowed information stored in an existing magnetic strip to be used in conjunction with a PIN (Personal Identification Number) for the purpose of authorizing access to an associated account. However, there has recently been an increasing number of so-called skimming attacks, in which the card is copied by means of additional devices attached to the automatic teller machines and the PIN is illicitly obtained by suitable technical means. The contents of the magnetic strip are then copied to a new card, thereby allowing unauthorized access to the account. The data from the magnetic strip is usually encrypted or protected by a cryptographic checksum, such that the information cannot be read without knowledge of the central key. However, an unauthorized user who has copied the entire magnetic strip and is in possession of the PIN does not need this central key.

In the meanwhile, newer EC cards therefore support an integrated smartcard, which cannot be copied as easily as a magnetic strip. This offers considerably greater security than the magnetic strip-based method. In order to ensure backwards compatibility with existing systems, the magnetic strip-based method is nonetheless still supported, thereby avoiding the need to replace all automatic teller machines at the same time.

The automatic teller machine or card reader checks the presence of a contacted smartcard chip by means of a galvanic connection to the chipcard contacts on the card. The presence of a smartcard chip can be detected, for example, because it transmits an ATR message (answer to reset) when the supply voltage is applied. If a smartcard chip is detected, the smartcard-based authentication method is used instead of the magnetic card-based authentication method. If no smartcard chip is detected, however, the existing magnetic strip-based authentication method is used.

In this context, the problem arises that it is still easy to copy the magnetic strip of cards which support both the magnetic strip-based authentication method and the smartcard-based authentication method. A copied card is then also accepted by automatic teller machines which would actually support both the magnetic strip-based authentication method and the smartcard-based authentication method. Such attacks are also called “bidding-down” attacks.

Bidding-down attacks are known in the context of security protocols for authentication and key negotiation. An authentication protocol supports a plurality of variants having various strengths. The two communication partners initially exchange information relating to the variants that are supported in each case. The strongest of the variants supported by both is selected and used in the protocol routine. Since the initial information exchange is not yet cryptographically protected against tampering, however, an unauthorized user can manipulate the exchanged information in such a way that a weak method is selected, although both communication partners would also support strong methods. In order to achieve this, the unauthorized user pretends that a communication partner only supports this weak variant. As a countermeasure, many protocols check the integrity of the initial information exchange retrospectively when the authentication and key negotiation are complete. Checksums are calculated, transferred and verified for this purpose.

SUMMARY

According to various embodiments, an electronic key can be specified which supports a plurality of authentication methods and prevents the aforementioned bidding-down attacks.

According to an embodiment, in an electronic key for authentication of a user, the authentication can be performed by means of at least two authentication methods in each case, and separate security information is stored for an authentication method in each case, said security information being readable via at least one interface, wherein the security information relating to a first authentication method includes information relating to the support for at least one further authentication method.

According to a further embodiment, the at least one interface can be designed as a contacted chipcard, contactless chipcard or magnetic strip. According to a further embodiment, the integrity of the information relating to the support for a further authentication method can be protected by a cryptographic checksum. According to a further embodiment, the information relating to the support for a further authentication method can be retrieved from a server.

According to another embodiment, in a method for authentication of a user by means of a reading device and an electronic key as described above, the following steps can be carried out by the reading device: -ascertaining first authentication methods supported by the electronic key, -selecting an authentication method from the supported first authentication methods according to a predefinable rule, -reading security information relating to the selected authentication method, -ascertaining supported second authentication methods on the basis of the security information, -verifying the selected authentication method on the basis of the supported second authentication methods according to a predefinable checking rule, such that -the authentication using the selected authentication method is continued if a verification result conforms to the checking rule, -the authentication using the selected authentication method is prevented if a verification result does not conform to the checking rule. According to a further embodiment of the method, the authentication using the electronic key can be prevented.

According to yet another embodiment, a system for authentication of a user, may comprise -an electronic key having means for performing at least two authentication methods, wherein separate security information is stored for an authentication method in each case, said security information being readable via at least one interface, and wherein the security information relating to a first authentication method includes information relating to the support for at least one further authentication method, -a reading device having means for ascertaining further supported authentication methods on the basis of the security information that is read, and for verifying a selected authentication method on the basis of the further supported authentication methods according to a predefinable checking rule, such that -the authentication using the selected authentication method is continued if a verification result conforms to the checking rule, -the authentication using the selected authentication method is prevented if a verification result does not conform to the checking rule.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is explained in greater detail below with reference to exemplary embodiments and with reference to the drawings, in which:

FIG. 1 shows a schematic illustration of a system for authentication comprising an electronic key (ST) and three card reading devices (STR1, STR2, STR3);

FIG. 2 shows a schematic illustration of information that is stored on a magnetic strip according to the prior art and according to various embodiments;

FIG. 3 shows a flow diagram of the method according to various embodiments.

DETAILED DESCRIPTION

The electronic key (security token) according to various embodiments for authentication of a user supports at least two authentication methods, wherein separate security information is stored for an authentication method in each case. The respective security information can be read via at least one interface. The security information relating to a first authentication method includes information relating to the support for at least one further authentication method.

Without restricting the general applicability of the term, an electronic key comprises security tokens which store at least one item of security information relating to the authentication of a user. In this case, it can be identification information or a cryptographic key for authentication of a user. The electronic key can be realized in different module formats, e.g. as a chipcard, a USB stick or a memory card. Furthermore, the electronic key has different interfaces, these being designed in the form of e.g. a chipcard interface, USB interface, memory card interface (SD card, MMC card) or wireless interface. The interface can also take the form of a magnetic strip or a machine-readable zone.

According to various embodiments, an electronic key (security token) may support at least two authentication methods of different types. Security information that is assigned in each case to the respective authentication method is stored separately on the electronic key and can be read via different interfaces of the electronic key. Included as part of the security information relating to the first authentication method is information relating to the support for the second authentication method. For example, the presence of a smartcard chip on the card is encoded on the magnetic strip of an EC card. This information is encrypted using a system key of the issuing bank, for example, such that the information relating to the presence of the smartcard chip is likewise protected.

A card reading device therefore advantageously detects which authentication methods are supported by the electronic key. If the reading device detects, on the basis of this information, that the electronic key supports a stronger second authentication method, but this authentication method was not detected by the card reading device, the electronic key is rejected, for example.

In an embodiment, the information relating to the support for a further authentication method is stored on a server. The information can be requested from this server by the card reading device.

The method for authentication of a user by means of a reading device and an electronic key according to various embodiments comprises the following steps, which are performed by the reading device: The first authentication methods supported by the electronic key are ascertained. An authentication method is selected from the supported first authentication methods according to a rule (policy) that can be predefined. Security information relating to the selected authentication method is read. On the basis of the security information that has been read, supported second authentication methods are ascertained. On the basis of the supported second authentication methods, the selected authentication method is verified according to a predefinable checking rule (checking policy), such that the authentication using the selected authentication method is continued if the verification result conforms to the checking rule, and the authentication using the selected authentication method is prevented if the verification result does not conform to the checking rule.

The system for authentication of a user according to various embodiments features an electronic key comprising means for performing at least two authentication methods, wherein separate security information is stored in each case for an authentication method and can be read in each case via at least one interface, and wherein the security information relating to a first authentication method features information relating to the support for at least one further authentication method. The system also features a reading device comprising means for ascertaining further supported authentication methods on the basis of the security information that has been read, and means for verifying a selected authentication method on the basis of the further supported authentication methods according to a predefinable checking rule, such that the authentication using the selected authentication method is continued if the verification result conforms to the checking rule, and the authentication using the selected authentication method is cancelled if the verification result does not conform to the checking rule.

FIG. 1 shows an electronic key ST which supports a magnetic strip-based authentication method and a chipcard-based authentication method. Using the smartcard chip, communication is effected via the contact pads on the top side of the card. Three card reading devices STR1, STR2 and STR3 are also depicted in FIG. 1. The first card reading device STR1 only supports the magnetic strip-based authentication method, while the second card reading device STR2 supports both the smartcard-based authentication method and the magnetic strip-based authentication method. The third card reading device STR3 is connected to a backend system BE via a communication network that is not shown. Using this connection, the card reading device STR3 can obtain information from the backend system BE on the basis of the identification data that is read out from the electronic key ST. The card reading device STR3 likewise supports both the magnetic strip-based authentication method and the smartcard-based authentication method.

According to various embodiments, the security of the superior smartcard-based authentication method is consistently retained, since a bidding-down attack to the weaker magnetic strip-based authentication method is not possible. This means that a card reading device which also supports a strong authentication variant (e.g. STR2 and STR3) can no longer be duped into using the weaker authentication variant of an electronic key that also supports the strong variant.

Even if both the electronic key ST and the reading device STR2 or STR3 support authentication using the magnetic strip, the various embodiments ensure that a bidding-down unauthorized user is unable to use this weaker authentication method, if both the electronic key ST and the card reading device STR2 or STR3 support the superior authentication method. The weak authentication method is only used if the electronic key ST or the card reading device STR1 actually does support only the weaker authentication variant.

Consequently, the security of an electronic key (security token) which supports a plurality of variants of authentication methods, and the security of an authentication method using this electronic key are increased. It is not sufficient to compromise one of these variants, but a plurality or generally all of the supported variants must be replicated on a replicated (cloned) electronic key. This significantly increases the cost of a successful attack and therefore also the security against a successful attack.

Applications include all methods in which migration occurs from a weak authentication technology to a further, stronger authentication technology.

FIG. 2 shows a schematic illustration of information that is stored on a magnetic strip. In the prior art 201, information such as e.g. purpose, issuer, account number and cardholder name is stored by means of the card CI (card information). A checksum LRC (longitudinal redundancy check) is provided for protection against read errors.

According to various embodiments, additional information is provided 202. For example, information relating to further supported authentication methods AV is provided. This information relating to further supported authentication methods is optionally protected by a separate cryptographic checksum CKS, e.g. in the form of a message authentication code. The cryptographic checksum is calculated using the fields CI and AV, for example.

According to an embodiment, authorizations or services can be associated with the strength of the selected authentication. This allows e.g. new services to be associated with the stronger authentication methods, thereby preventing misuse of older cards.

FIG. 3 shows a flow diagram of an exemplary embodiment of the method for authentication of a user using a reading device and an electronic key. Following insertion 301 of the electronic key (an EC card here) into the card reading device (an automatic teller machine here), the EC card is first detected 302 as such by the automatic teller machine. The automatic teller machine then ascertains 303 from the inserted EC card which authentication variants are actually supported.

In particular, the presence of a smartcard chip is checked in this exemplary embodiment. This can involve various degrees of complexity, e.g. by detecting a contact pad for a chip at the designated position. This can be established e.g. by virtue of the presence of a galvanic connection and hence a current being able to flow. A further option is to detect the presence of smartcard chip communication, e.g. in the form of an ATR (answer to reset) message. It is also possible to read identification information from the smartcard chip, e.g. a serial number in the ATR message, and to compare this with checking information which is stored on the magnetic strip. Such a checksum is stored on the magnetic strip and evaluated, for example, or is calculated and evaluated by means of combined information that is stored partly on the magnetic strip and partly on the chip.

In the following step 304, an authentication variant is selected according to a defined rule (policy). This normally means that, if there is a plurality of authentication variants, the cryptographically most secure or strongest is selected. Following thereupon, the associated security information is read 305 via the associated interface. The authentication variants supported by the electronic key are then ascertained 306 on the basis of the security information.

Finally, the authentication method that was selected in step 304 and the supported authentication methods ascertained from the security information in step 306 are checked with reference to a checking rule in step 307. If the verification result does not conform to the checking rule 308, the method for authentication of a user is cancelled and an error message is displayed, for example. For example, this applies if a magnetic strip-based authentication method was selected but it is evident, on the basis of the security information and the checking rule, that both the reading device and the electronic key could apply a smartcard-based method.

However, if the verification result in the step 307 conforms to the checking rule, the authentication method is continued using the selected authentication method. The method terminates in step 310. 

What is claimed is:
 1. An electronic key for authentication of a user, wherein the authentication can be performed by means of at least two authentication methods in each case, comprising memory and at least one interface, wherein separate security information is stored in said memory for an authentication method in each case, said security information being readable via the at least one interface, and wherein the security information relating to a first authentication method includes information relating to the support for at least one further authentication method.
 2. The electronic key according to claim 1, wherein the at least one interface is designed as a contacted chipcard, contactless chipcard or magnetic strip.
 3. The electronic key according to claim 1, wherein the integrity of the information relating to the support for a further authentication method is protected by a cryptographic checksum.
 4. The electronic key according to claim 1, wherein the information relating to the support for a further authentication method can be retrieved from a server.
 5. A method for authentication of a user by means of a reading device and an electronic key, the method comprising the following steps carried out by the reading device: ascertaining first authentication methods supported by the electronic key, selecting an authentication method from the supported first authentication methods according to a predefinable rule, reading security information relating to the selected authentication method, ascertaining supported second authentication methods on the basis of the security information, verifying the selected authentication method on the basis of the supported second authentication methods according to a predefinable checking rule, such that the authentication using the selected authentication method is continued if a verification result conforms to the checking rule, the authentication using the selected authentication method is prevented if a verification result does not conform to the checking rule.
 6. The method according to claim 5, wherein the authentication using the electronic key is prevented.
 7. A system for authentication of a user, comprising an electronic key comprising means for performing at least two authentication methods, wherein separate security information is stored for an authentication method in each case, said security information being readable via at least one interface, and wherein the security information relating to a first authentication method includes information relating to the support for at least one further authentication method, a reading device having means for ascertaining further supported authentication methods on the basis of the security information that is read, and for verifying a selected authentication method on the basis of the further supported authentication methods according to a predefinable checking rule, such that the authentication using the selected authentication method is continued if a verification result conforms to the checking rule, the authentication using the selected authentication method is prevented if a verification result does not conform to the checking rule.
 8. The system according to claim 7, wherein the at least one interface of the electronic key is designed as a contacted chipcard, contactless chipcard or magnetic strip.
 9. The system according to claim 7, wherein the integrity of the information stored in the electronic key relating to the support for a further authentication method is protected by a cryptographic checksum.
 10. The system according to claim 7, wherein the information stored in the electronic key relating to the support for a further authentication method can be retrieved from a server.
 11. The method according to claim 5, wherein the at least one interface of the electronic key is designed as a contacted chipcard, contactless chipcard or magnetic strip.
 12. The method according to claim 5, wherein the integrity of the information stored in the electronic key relating to the support for a further authentication method is protected by a cryptographic checksum.
 13. The method according to claim 5, further comprising retrieving the information stored in the electronic key relating to the support for a further authentication method from a server. 